Closed code423n4 closed 2 years ago
pmerkleplant
The _transferFromOrWrap function in Slingshot.sol should require msg.value == 0 if fromToken != nativeToken, see line 150 for missing check.
_transferFromOrWrap
Slingshot.sol
msg.value == 0
fromToken != nativeToken
Otherwise, the user will lose the native tokens and they would need to be manually rescued by Slingshot's admin through the rescueTokens function.
Slingshot
rescueTokens
Duplicate of #95
tommyz7
commented
2 years ago tommyz7
commented
2 years ago
Handle
pmerkleplant
Vulnerability details
The
_transferFromOrWrapfunction inSlingshot.solshould requiremsg.value == 0iffromToken != nativeToken, see line 150 for missing check.Otherwise, the user will lose the native tokens and they would need to be manually rescued by
Slingshot's admin through therescueTokensfunction.